<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Openfire: Plugin Developer Guide</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>

<div id="pageContainer">

<a name="top"></a>

    <div id="pageHeader">
        <div id="logo"></div>
        <h1>Openfire Plugin Developer Guide</h1>
    </div>
    <div class="navigation">
        <a href="index.html">&laquo; Back to documentation index</a>
    </div>

    <div id="pageBody">


<h2>Introduction</h2>

<p>
Plugins enhance the functionality of Openfire. This document is a
developer's guide for creating plugins.
</p>
<p>The plugin development is now based on <a href="https://maven.apache.org/index.html">Maven</a>(instead of Ant)</p>

<h2>What is Maven</h2>
<p>
Maven is a project management tool which can manage the complete building life cycle.
Maven simplifies and standardizes the project build process. by handling compilation, testing, library dependency, distribution, documentation and team collaboration.
The Maven developers claim that Maven is more than just a build tool. We can think of Maven as a build tool with more features.
Maven provides developers ways to manage project(Builds,Test,Documentation,Reporting,Dependencies,Releases,Distribution,Mailing List).
</p>

<h2>Structure of a Plugin</h2>
<p>
Plugins live in the <tt>plugins</tt> directory of <tt>openfireHome</tt>. When a plugin
is deployed as a JAR or WAR file, it is automatically expanded into a directory. The files in a
plugin directory are as follows:
</p>

<fieldset>
    <legend>Plugin Structure</legend>
<pre>myplugin/
 |- pom.xml         &lt;- Plugin description/configuration file of the Maven project (allows you to define the POM (Project Object Model) used by Maven).
 |- plugin.xml      &lt;- Plugin definition file
 |- readme.html     &lt;- Optional readme file for plugin, which will be displayed to end users
 |- changelog.html  &lt;- Optional changelog file for plugin, which will be displayed to end users
 |- logo_small.gif  &lt;- Optional small (16x16) icon associated with the plugin (can also be a .png file)
 |- logo_large.gif  &lt;- Optional large (32x32) icon associated with the plugin (can also be a .png file)
 |- src   
    |- classes/        &lt;- Resources your plugin needs (i.e., a properties file)
    |- database/       &lt;- Optional database schema files that your plugin needs
    |- i18n/           &lt;- Optional i18n files to allow for internationalization of plugins.
    |- lib/            &lt;- Libraries (JAR files) your plugin needs
    |- java/           &lt;- This is the directory containing the sources of the plugin application(.java files) and located in the package
    |- web             &lt;- Resources for Admin Console integration, if any
        |- WEB-INF/
            |- web.xml           &lt;- Generated web.xml containing compiled JSP entries
            |- web-custom.xml    &lt;- Optional user-defined web.xml for custom servlets
        |- images/

</pre>
</fieldset>

<p>The <tt>web</tt> directory exists for plugins that need to add content
to the Openfire Admin Console. Further details are below.</p>

<p>
The <tt>plugin.xml</tt> file specifies the main Plugin class. A sample
file might look like the following:
</p>

<fieldset>

    <legend>Sample plugin.xml</legend>
<pre class="xml">
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;plugin&gt;
    <span class="comment">&lt;!-- Main plugin class --&gt;</span>
    &lt;class&gt;org.example.ExamplePlugin&lt;/class&gt;

    <span class="comment">&lt;!-- Plugin meta-data --&gt;</span>
    &lt;name&gt;Example Plugin&lt;/name&gt;
    &lt;description&gt;This is an example plugin.&lt;/description&gt;
    &lt;author&gt;Jive Software&lt;/author&gt;

    &lt;version&gt;1.0&lt;/version&gt;
    &lt;date&gt;07/01/2006&lt;/date&gt;
    &lt;url&gt;http://www.igniterealtime.org/projects/openfire/plugins.jsp&lt;/url&gt;
    &lt;minServerVersion&gt;3.0.0&lt;/minServerVersion&gt;
    &lt;licenseType&gt;gpl&lt;/licenseType&gt;

    <span class="comment">&lt;!-- Admin console entries --&gt;</span>
    &lt;adminconsole&gt;
        <span class="comment">&lt;!-- More on this below --&gt;</span>
    &lt;/adminconsole&gt;
&lt;/plugin&gt;
</pre>
</fieldset>

<p>The meta-data fields that can be set in the plugin.xml file:

<ul>
    <li>name -- the name of the plugin.</li>
    <li>description -- the description of the plugin.</li>
    <li>author -- the author of the plugin.</li>
    <li>version -- the version of the plugin.</li>
    <li>date -- the date the plugin was released. The date must be in the form MM/dd/yyyy, such
          as 07/01/2006.</li>

    <li>url -- a URL where additional information about the plugin is available.</li>
    <li>minServerVersion -- the minimum version of Openfire required
          to run the plugin (supported by Openfire 2.1.2 and later). If the
          server version is less than the required value, the plugin will not be started.</li>
    <li>priorToServerVersion -- the server version up, but not including, on which this plugin can run.</li>
    <li>minJavaVersion -- the minimum Java specification version the plugin needs to run.</li>
    <li>databaseKey -- if the plugin requires it's own database tables, the databaseKey element should
            be set with a schema key name (often the same name as the plugin). Database
            schema files for each supported database should then be placed in the <tt>database</tt>
            directory of the plugin. For example, given the key "foo", schema files would be called
            "foo_mysql.sql", "foo_oracle.sql", etc.  We recommend that you prefix your tables with
            "of" (openfire) to avoid conflicts with possible other applications installed in the same
            database.  The scripts should make an entry into the ofVersion table using the key so that
            schema version information can be tracked, e.g.:<br><br>

            <tt>INSERT INTO ofVersion (name, version) VALUES ('foo', 0);</tt><br><br>
    </li>
    <li>databaseVersion -- the database schema version (if a database schema is defined). New plugins
            with a database schema should start at version 0. If future versions of the plugin
            require updates to the schema, those updates can be defined by creating sub-directories
            in the <tt>database/upgrade</tt> directory for each version number. For example, the directories
            <tt>database/upgrade/1</tt> and <tt>database/upgrade/2</tt> would contain scripts such as
            "foo_mysql.sql" and "foo_oracle.sql" that contain the relevant database changes for each
            version. Each script should update version information in the ofVersion table, e.g.:<br><br>

            <tt>UPDATE ofVersion set version=1 where name='foo';</tt><br><br>

    </li>
    <li>parentPlugin -- the name of the parent plugin (given as "foo" for the "foo.jar" plugin).
            When a plugin has a parent plugin, the parent plugin's class loader will be used instead
            of creating a new class loader. This lets plugins work together more closely. A
            child plugin will not function without its parent present.</li>
    <li>licenseType -- indicates the license agreement that the plugin is governed by. Valid
            values are:<ul>
                <li>"commercial": the plugin is released under a commercial license agreement.</li>
                <li>"gpl": the plugin is released under the GNU Public License (GPL).</li>
                <li>"apache": the plugin is released under the Apache license.</li>
                <li>"internal": the plugin is for internal use at an organization only and will
                    not be re-distributed.</li>
                <li>"other": the plugin is released under a license agrement that doesn't fall into
                    one of the other categories. The license agreement should be details in the
                    plugin's Readme.</li>
            </ul>
            If the license type is not set, it is assumed to be other.</li>
</ul>

Several additional files can be present in the plugin to provide additional information to
end-users (all placed in the main plugin directory):
<ul>
    <li><tt>readme.html</tt> -- Optional readme file for plugin, which will be displayed to end users.</li>

    <li><tt>changelog.html</tt> -- Optional changelog file for plugin, which will be displayed to end users.</li>
    <li><tt>logo_small.png</tt> -- Optional small (16x16) icon associated with the plugin. It can also be a .gif file.</li>
    <li><tt>logo_large.png</tt> -- Optional large (32x32) icon associated with the plugin. It can also be a .gif file.</li>
</ul>

<p>Your plugin class must be implement the
<tt><a href="javadoc/org/jivesoftware/openfire/container/Plugin.html">Plugin</a></tt>
interface from the <a href="javadoc/index.html">Openfire API</a> as
well as have a default (no argument) contructor. The Plugin interface has
methods for initializing and destroying the plugin.
</p>

<fieldset>
    <legend>Sample plugin implementation</legend>
<pre class="java">
package org.example;

import org.jivesoftware.openfire.container.Plugin;
import org.jivesoftware.openfire.container.PluginManager;

import java.io.File;

/**
 * A sample plugin for Openfire.
 */
public class ExamplePlugin implements Plugin {

    public void initializePlugin(PluginManager manager, File pluginDirectory) {
        <span class="comment">// Your code goes here</span>

    }

    public void destroyPlugin() {
        <span class="comment">// Your code goes here</span>
    }
}
</pre>
</fieldset>

<h3>General Plugin Best Practices</h3>

<p>When choosing a package name for your plugin, we recommend that you choose
something distinctive to you and/or your organization to help avoid conflicts
as much as possible.  For example, if everyone went with org.example.PluginName,
even if PluginName was different, you might start running into some conflicts
here and there between class names.  This is especially true when working with
clustering.</p>.

<h2>Modifying the Admin Console</h2>

<p>Plugins can add tabs, sections, and pages to the admin console. There
are a several steps to accomplishing this:

<ul>
    <li>An &lt;adminconsole/&gt; section must be added to the
            <tt>plugin.xml</tt> file.
    </li>

    <li>JSP files must be compiled and put into the classpath of the
        plugin. A <tt>web.xml</tt> file containing the compiled JSP
        servlet entries must be put into the <tt>web/</tt> directory
        of the plugin. <i>Note:</i> the Openfire build script
        can assist with compiling JSPs and creating the web.xml. This
        is detailed below.
    </li>
    <li>Any images required by your JSP pages must live in <tt>web/images/</tt>
        directory. Only GIF and PNG images are supported.
    </li>

</ul>

<p>The <tt>&lt;adminconsole /&gt;</tt> section of <tt>plugin.xml</tt> defines additional
tabs, sections and entries in the Admin Console framework. A sample
<tt>plugin.xml</tt> file might look like the following:</p>

<fieldset>
    <legend>Sample plugin.xml</legend>

<pre class="xml">
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;plugin&gt;
    <span class="comment">&lt;!-- Main plugin class --&gt;</span>
    &lt;class&gt;org.example.ExamplePlugin&lt;/class&gt;

    <span class="comment">&lt;!-- Admin console entries --&gt;</span>

    &lt;adminconsole&gt;
        &lt;tab id="mytab" name="Example" url="my-plugin-admin.jsp" description="Click to manage..."&gt;
            &lt;sidebar id="mysidebar" name="My Plugin"&gt;
               &lt;item id="my-plugin" name="My Plugin Admin"
                   url="my-plugin-admin.jsp"
                   description="Click to administer settings for my plugin"
                   order="4" /&gt;
               &lt;item id="my-plugin" name="My Plugin Overview"
                   url="my-plugin-overview.jsp"
                   description="Click to have an Overview of Plugin usage"
                   order="2" /&gt;
            &lt;/sidebar&gt;
        &lt;/tab&gt;

    &lt;/adminconsole&gt;
&lt;/plugin&gt;
</pre>
</fieldset>

<p>
In this example, we've defined a new tab "Example", a sidebar section "My Plugin" and two pages: "My Plugin Admin"
and "My Plugin Overview". We've registered <tt>my-plugin-admin.jsp</tt> respectively <tt>my-plugin-overview.jsp</tt>
as the pages.
</p>
<p>
By default, the tabs, sidebars and pages will be presented in the order in which they are defined. You can, however,
define explicit ordering by adding an "order" attribute to each element. It's numeric value defines order. If no
order is specified, the value 0 (zero) is used as a default. In the example above, the items are ordered using this
construct. In the admin console, the "My Plugin Overview" page will be presented before the "My Plugin Admin" page,
as its 'order' value is lower. If neither item had defined the 'order' attribute, the presentation of both pages
would have been reversed (as it would have used to order in which the pages are defined in XML).
</p>
<p>
You can override existing tabs, sections, and items by using the existing id attribute values in your own
<tt>&lt;adminconsole&gt;</tt> definition.
</p>

<h3>Admin Console Best Practices</h3>

There are several best practices to consider when making changes to
the Openfire admin console via a plugin. The general theme is
that plugins should integrate seamlessly:

<ul>
        <li>Integrate into existing tabs and sidebar sections whenever possible
            instead of creating your own. Only create new tabs for very
            significant new functionality.
        <li>Don't use the word "plugin" in names of tabs, sidebars and items.
            For example, instead of having an item called "Gateway Plugin", it
            could be called "Gateway Settings".
        <li>Try to match the UI of the existing admin console in your custom
            plugin pages.
        <li>There is no need to create an admin console entry to show plugin
            meta-data. Instead, let Openfire inform the user about which
            plugins are installed and provide plugin management.
</ul>

<h3>Writing Pages for the Admin Console</h3>

<p>

Openfire uses the <a href="http://www.opensymphony.com/sitemesh/" target="_blank">Sitemesh</a>
framework to decorate pages in the admin console. A globally-defined decorator is applied to
each page in order to render the final output, as in the following diagram:</p>
<br>
<div align="center"><img src="images/sitemesh.png" width="484" height="372" alt="Sitemesh"></div>
<br><br>
<p>
Creating pages that work with Sitemesh is easy. Simply create valid HTML pages and then
use meta tags to send instructions to Sitemesh. When rendering the output, Sitemesh will
use the instructions you provide to render the decorator along with any content in the
body of your HTML page. The following meta tags can be used:
<ul>
    <li><b>pageID</b> -- the ID of the page, which must match an entry in the admin console
    XML described above. Either a pageID or subPageID <b>must</b> be specified.</li>

    <li><b>subPageID</b> -- the ID of the sub-page, which must match an entry in the
    admin console XML described above. Sub-pages are used for administrative actions
    related to a parent page ID. For example, editing or deleting a particular group.
    Either a pageID or subPageID <b>must</b> be specified.</li>
    <li><b>extraParams</b> (Optional) -- extra parameters that should be passed in to the page.
    For example, on a page to delete a group it might be the ID of the group. Parameters
    must be URL encoded.</li>
    <li><b>decorator</b> (Optional) -- overrides the Sitemesh decorator to use for the page.
    A decorator named <tt>none</tt> is available that will simply render the page
    without a decorator.</li>

</ul>

The following HTML snippet demonstrates a valid page:

<fieldset>
    <legend>Sample HTML</legend>
<pre>
   &lt;html&gt;
   &lt;head&gt;
       &lt;title&gt;My Plugin Page&lt;/title&gt;

       &lt;meta name="pageID" content="myPluginPage"/&gt;
   &lt;/head&gt;
   &lt;body&gt;
        Body here!
   &lt;/body&gt;
   &lt;/html&gt;
</pre>

</fieldset>

<h4>Using i18n in your Plugins</h4>
<p>
It's possible to translate your plugin into multiple languages (i18n). To do so, use the following
procedure:
<ul>
    <li>Create a "i18n" directory in the root directory of your plugin.</li>
    <li>Add each resource file using the %[plugin_name]%_i18n "_" language ".properties"
        naming convention, where [plugin_name] is the name of the plugin directory. See the
        <a href="translator-guide.html">translator guide</a> for more information about resource
        bundles.</li>
    <li>Convert Strings in your JSP files to refer to the internationalized keys. For example:

        <pre>
        &lt;%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %&gt;
        &lt;%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %&gt;
        ...
        &lt;fmt:message key="some.key.name" /&gt;
        </pre>
    </li>
    <li>Internationalize Strings in your Java files using the LocaleUtils class:<br>
        <tt>org.jivesoftware.util.LocaleUtils.getLocalizedString("some.key.name", "[plugin_name]");</tt>
    </li>
    <li>Internationalize Strings in your plugin.xml file using the ${var} format:<br>
        <tt>&lt;sidebar id="gateways" name="${plugin.sidebar.name}" description="${plugin.sidebar.description}"&gt;</tt><br>
        <tt>&lt;description&gt;${plugin.description}&lt;/description&gt;</tt>
    </li>
</ul>

<h2>Using the Openfire Build Script</h2>

<p>
The Openfire build script will help you build and develop plugins. It
looks for plugin development directories in the following format:
</p>

<fieldset>
    <legend>Plugin Structure</legend>
<pre>myplugin/
 |- plugin.xml      &lt;- Plugin definition file
 |- readme.html     &lt;- Optional readme file for plugin
 |- changelog.html  &lt;- Optional changelog file for plugin
 |- logo_small.gif  &lt;- Optional small (16x16) icon associated with the plugin (can also be a .png file)
 |- logo_large.gif  &lt;- Optional large (32x32) icon associated with the plugin (can also be a .png file)
 |- classes/        &lt;- Resources your plugin needs (i.e., a properties file)
 |- lib/            &lt;- Libraries your plugin needs
 |- src/
     |- database    &lt;- Optional database scripts for your plugin
     |- java        &lt;- Java source code for your plugin
     |   |- com
     |       |- mycompany
     |           |- *.java
     |- web
         |- *.jsp      &lt;- JSPs your plugin uses for the admin console
         |- images/    &lt;- Any images your JSP pages need (optional)
         |- WEB-INF
             |- web.xml    &lt;- Optional file where custom servlets can be registered

</pre>
</fieldset>

<p>The build script will compile source files and JSPs and create a valid
plugin structure and JAR file. Put your plugin directories in the <tt>src/plugins</tt>
directory of the source distribution and then use <tt>ant plugins</tt> to
build your plugins.</p>

<p>Any JAR files your plugin needs during compilation should be put
into the <tt>lib</tt> directory. These JAR files will also be copied into
the plugin's generated <tt>lib</tt> directory as part of the build process.</p>

<p>If you create a src/web/WEB-INF/web.xml file, any servlets registered there
will be initialized when the plugin starts up. Only servlet registrations and servlet
mappings will be honored from the web.xml file. Note: this feature is implemented by
merging your custom web.xml file into the web.xml file generated by the JSP compilation
process.</p>

<h2>Implementing Your Plugin</h2>

<p>Plugins have full access to the Openfire API. This provides a tremendous
amount of flexibility for what plugins can accomplish. However, there are several integration
points that are the most common:

<ol>
    <li>Register a plugin as a <a href="javadoc/org/xmpp/component/Component.html">Component</a>.
 Components receive all packets addressed to a particular sub-domain. For example,
 <tt>test_component.example.com</tt>. So, a packet sent to <tt>joe@test_component.example.com</tt> would
 be delivered to the component. Note that the sub-domains defined as components are unrelated to DNS entries
 for sub-domains. All XMPP routing at the socket level is done using the primary server domain (example.com in the
 example above); sub-domains are only used for routing within the XMPP server.

    <li>Register a plugin as an <a href="javadoc/org/jivesoftware/openfire/IQHandler.html">IQHandler</a>. IQ handlers respond to IQ packets with a particular element name and
  namespace. The following code snippet demonstrates how to register an IQHandler:

  <pre>

  IQHandler myHandler = new MyIQHander();
  IQRouter iqRouter = XMPPServer.getInstance().getIQRouter();
  iqRouter.addHandler(myHandler);
  </pre>

    <li>Register a plugin as a <a href="javadoc/org/jivesoftware/openfire/interceptor/PacketInterceptor.html">
    PacketInterceptor</a> to receive all packets being sent through the system and
    optionally reject them. For example, an interceptor could reject all messages that contained
    profanity or flag them for review by an administrator.</li>
    <li>You can store persistent plugin settings as Openfire properties using the
    JiveGlobals.getProperty(String) and JiveGlobals.setProperty(String, String) methods. Make
    your plugin a property listener to listen for changes to its properties by implementing the
    <tt>org.jivesoftware.util.PropertyEventListener</tt> method.
    You can register your plugin as a listener using the PropertyEventDispatcher.addListener(PropertyEventListener)
    method. Be sure to unregister your plugin as a listener in your plugin's destroyPlugin() method.


</ol>

<h2>Openfire admin tags</h2>
        Openfire provides useful JSP tags that can be used. To enable them on a JSP page, simply add:<br>
        <code>&lt;%@ taglib uri="admin" prefix="admin" %&gt;</code>
        <br>to the top of your JSP page. The tags include:
        <ul>
            <li><code>&lt;admin:ASN1DER value="${ASN.1 DER certificate as a byte[]}"/&gt;</code> (since Openfire 4.0.0)
                will display an ASN.1 DER encoded certificate in an HTML table.</li>
            <li><code>&lt;admin:FlashMessage/&gt;</code> (since Openfire 4.5.0) will display up to three suitably
                decorated session attributes on the rendered page. The keys of these session attributes are defined by
                <code>FlashMessageTag.SUCCESS_MESSAGE_KEY</code>, <code>WARNING_MESSAGE_KEY</code> and
                <code>ERROR_MESSAGE_KEY</code>. This allows messages to be displayed to the user when navigating between
                pages.</li>
        </ul>

        <h2>CSRF protection</h2>
        Admin pages are liable to <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF attacks</a>.
        Openfire provides facilities to aid plugin authors to protect against these attacks on their admin pages. To
        enable CSRF protection:
        <ol>
            <li>Set the plugin.xml <code>minServerVersion</code> to 4.5.0 or above as this is when support was added.</li>
            <li>Set the plugin.xml <code>csrfProtectionEnabled</code> to <code>true</code> to enable CSRF protection for
                the plugin. This will;
                <ul>
                    <li>Guard against CSRF attacks for all requests to admin pages <strong>except</strong> GET requests</li>
                    <li>Set a servlet request attribute with key "csrf"</li>
                </ul>
            </li>
            <li>Ensure that GET requests do not modify any settings or change any data as this protection is not
                enabled for GET requests</li>
            <li>Ensure that any form submitted in the admin page has a field called <code>csrf</code> whose value is that
            defined by the request attribute "csrf" - for example:<br>
                <code>&lt;input name="csrf" value="&lt;c:out value="${csrf}"/&gt;" type="hidden"&gt;</code></li>
        </ol>
        If a CSRF attack is detected, the admin page will be reloaded (with a simple HTTP GET request) with
        the session attribute <code>FlashMessageTag.ERROR_MESSAGE_KEY</code> set to indicate the problem - it's
        therefore advised to include the <code>&lt;admin:FlashMessage/&gt;</code> at the top of your JSP page.

        <p><strong>NOTE</strong>: It is still important to ensure that all your output is properly escaped using
        <code>&lt;c:out&gt;</code> tags or the equivalent.</p>

<h2>Plugin FAQ</h2>

<b>Can I deploy a plugin as a directory instead of a JAR?</b>
<p>No, all plugins must be deployed as JAR or WAR files. When a JAR or WAR is not present for the plugin,
Openfire assumes that the file has been deleted and that the users wants to destroy the plugin,
so it also deletes the directory.</p>

<br>
<br>

    </div>

</div>

</body>
</html>
